Teso—a commercial airline pilot turned computer security consultant—explained to the conference audience how it's been possible to develop tools which can run on a phone and be used to hack aircraft from the comfort of a window seat. Net Security explains:

By taking advantage of two new technologies for the discovery, information gathering and exploitation phases of the attack, and by creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes' Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircrafts by making virtual planes "dance to his tune."

One of the two technologies he abused is the Automatic Dependent Surveillance-Broadcast (ADS-B), which sends information about each aircraft (identification, current position, altitude, and so on) through an on-board transmitter to air traffic controllers, and allows aircrafts equipped with the technology to receive flight, traffic and weather information about other aircrafts currently in the air in their vicinity.

The other one is the Aircraft Communications Addressing and Reporting System (ACARS), which is used to exchange messages between aircrafts and air traffic controllers via radio or satellite, as well as to automatically deliver information about each flight phase to the latter.

Advertisement

Exploiting those vulnerabilities means that it's possible to gain information about the onboard computer, as well as deliver spoofed malicious messages that affect the behavior of the plane. There's a rather worrying set of functions in Teso's Android app called PlaneSploit—from changing the intended destination, through flashing interior lights to, umm, crashing the plane—though it's unclear quite how well they'd work in practice.

Which, hopefully, isn't something we'll need to worry about too much—because Teso hasn't shared details of the vulnerabilities and has already started working with the industry to set them straight. If you want more details, go read the Net Security article, which dives right in to the research. [Net Security]